WO2015005877A1 - Device for the prevention of capturing customer cards and card information on atms and similar financial machines - Google Patents

Device for the prevention of capturing customer cards and card information on atms and similar financial machines Download PDF

Info

Publication number
WO2015005877A1
WO2015005877A1 PCT/TR2013/000233 TR2013000233W WO2015005877A1 WO 2015005877 A1 WO2015005877 A1 WO 2015005877A1 TR 2013000233 W TR2013000233 W TR 2013000233W WO 2015005877 A1 WO2015005877 A1 WO 2015005877A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
control circuit
information
atms
connection
Prior art date
Application number
PCT/TR2013/000233
Other languages
French (fr)
Inventor
Tuncer DUDUOGLU
Original Assignee
Duduoglu Tuncer
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Duduoglu Tuncer filed Critical Duduoglu Tuncer
Priority to PCT/TR2013/000233 priority Critical patent/WO2015005877A1/en
Publication of WO2015005877A1 publication Critical patent/WO2015005877A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/205Housing aspects of ATMs
    • G07F19/2055Anti-skimming aspects at ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/205Housing aspects of ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/206Software aspects at ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/209Monitoring, auditing or diagnose of functioning of ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/21Retaining of the payment card by ATMs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/20Countermeasures against jamming
    • H04K3/28Countermeasures against jamming with jamming and anti-jamming mechanisms both included in a same device or system, e.g. wherein anti-jamming includes prevention of undesired self-jamming resulting from jamming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/40Jamming having variable characteristics
    • H04K3/42Jamming having variable characteristics characterized by the control of the jamming frequency or wavelength
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/40Jamming having variable characteristics
    • H04K3/43Jamming having variable characteristics characterized by the control of the jamming power, signal-to-noise ratio or geographic coverage area
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/60Jamming involving special techniques
    • H04K3/62Jamming involving special techniques by exposing communication, processing or storing systems to electromagnetic wave radiation, e.g. causing disturbance, disruption or damage of electronic circuits, or causing external injection of faults in the information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/80Jamming or countermeasure characterized by its function
    • H04K3/82Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection
    • H04K3/825Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection by jamming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00Jamming of communication; Counter-measures
    • H04K3/80Jamming or countermeasure characterized by its function
    • H04K3/86Jamming or countermeasure characterized by its function related to preventing deceptive jamming or unauthorized interrogation or access, e.g. WLAN access or RFID reading
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K2203/00Jamming of communication; Countermeasures
    • H04K2203/10Jamming or countermeasure used for a particular application
    • H04K2203/14Jamming or countermeasure used for a particular application for the transfer of light or images, e.g. for video-surveillance, for television or from a computer screen
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K2203/00Jamming of communication; Countermeasures
    • H04K2203/10Jamming or countermeasure used for a particular application
    • H04K2203/20Jamming or countermeasure used for a particular application for contactless carriers, e.g. RFID carriers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K2203/00Jamming of communication; Countermeasures
    • H04K2203/30Jamming or countermeasure characterized by the infrastructure components
    • H04K2203/32Jamming or countermeasure characterized by the infrastructure components including a particular configuration of antennas

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Computer Security & Cryptography (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

This invention is in regards to the device which is used on ATMs and all similar financial machines, where cards with magnetic strips and chips can be used to deposit and/or withdraw money, in order to protect card information by integrating module for preventing skimming the information on customer cards, module for retaining customer cards to prevent stealing, communications module and event logging module.

Description

SPECIFICATIONS
DEVICE FOR THE PREVENTION OF CAPTURING CUSTOMER CARDS AND CARD INFORMATION ON ATMs AND SIMILAR FINANCIAL MACHINES
TECHNICAL FIELD
This invention is in regards to the device which is used on ATMs and all similar financial machines, where cards with magnetic strips and chips can be used to deposit and/or withdraw money, in order to protect card information by integrating module for preventing skimming the information on customer cards, module for retaining customer cards to prevent stealing, communications module and event logging module. THE PRESENT STATE OF THE ART
Today, via the use of card copying (skimming) devices placed on the card slots of systems which use cards with magnetic strips, especially ATMs, fraudsters are able to copy the information on the magnetic strips found on client cards. By using passwords acquired illegally via the use of a hidden camera along with this information, counterfeit cards are produced, resulting in the unauthorized withdrawals from client accounts.
This technique involves the use of such apparatus constructed from plastic so as to resemble the card slots of ATMs and all similar financial machines which can be easily attached onto ATMs to record information found on magnetic strips via a magnetic reader placed inside the apparatus and record the information to an analog or digital medium. Additionally, via a hidden camera on the ATM, undetectable by the client, clients' card passwords (PIN) are attained. After a duration, these apparatus are removed from the ATM by the fraudsters. Using the card information and passwords gained, counterfeit cards are produced. Similarly, through the use of an apparatus placed inside the card slot of ATMs, called a "Lebanese loop", clients' cards are trapped, preventing the card reader drawing the card in or ejecting it. The client, thinking that his/her card is captured by the ATM, leaves the ATM after which the fraudster retrieves the apparatus and gains the client's card. it is very difficult to detect the apparatus used in card skimming frauds after they have been placed on ATMs and all similar financial machines. Due to the nature of the fraud, even if the crime instrument is detected, it is impossible to prevent the apparatus from working (successfully committing the fraud) without human intervention.
Passive apparatus installed on card insertion slots to prevent the mounting of card copying and trapping apparatus on the surfaces ATMs and all similar financial machines have been developed. Fraudsters have altered the shapes of their crime instruments, manufactured so as to be able to be mounted on these passive apparatus.
Devices which claim to prevent card copying by broadcasting jamming signals or by surface scanning exist. The broadcasting properties of the devices which transmit jamming signals may also damage the various devices present on ATMs. Traditional bar antennas used on these devices are unable to focus their magnetic fields, allowing the ATM card reader to be adversely effected. Loop antennas, while successful in focusing, are unable to be used in all brands and models of ATMs and all similar financial machines due to their sizes.
Surface scan devices may lose calibration, cause false alarms or become unable to detect a real attack. This method involves placing surface scanning sensors on surfaces likely to have the copying device be attached to and constantly scanning the surface capacitance or inductance while comparing results with an initial set- point. The shortcomings of this method are that sensor may be effected by such environmental variables as weather, surrounding devices, light and vibration; losing calibration, their inability to detect threats reliably and causing false alarms with no actual threat present.
DESCRIPTION OF INVENTION
The aforementioned invention resolves the disadvantages of the present technology which have been previously stated. The aforementioned invention is related to a device which is used on ATMs and all similar financial machines, where cards with magnetic strips and chips can be used to deposit and/or withdraw money, in order to protect card information by integrating module for preventing skimming the information on customer cards, module for capturing customer cards physically, communications module and event logging module.
The aforementioned invention, owing to its modular structure, overcomes the various fraud methods perpetrated on ATMs and similar money deposit/withdrawal devices.
With the transition of a proportion of all ATMs in the world to the EMV system (Europay, MasterCard and Visa , a global standard for inter-operation of integrated circuit cards - sales with "chip cards"), there has been a significant increase in card trapping frauds. The aforementioned invention prevents the hitherto unresolved card trapping fraud. The aforementioned invention provides surveillance by transmitting whether it is active or inactive to a control panel. At the same time, it records the information internally, providing offline surveillance capability. The aforementioned invention detects card trapping transgressions in real-time, physically blocking the card and thereby preventing the card from falling into the fraudsters' possession while also alerting the authorities. The jammer broadcasting module of the aforementioned invention is more stable and functions on optimum levels in comparison to its equivalents. The oscillator block providing three distinctive oscillations improves protection against filtering by variable methods. Broadcasting a focused field with its newly developed antenna structure, it minimizes the exposure of the ATM's peripheral units to the magnetic field.
The aforementioned invention is able to keep offline logs. Due to its remote programming property, the aforementioned invention's various properties related to end user's interest can be modified via the monitoring software.
In order to maintain security of the information in the end user's system, all communications between the devices in the field and the monitoring software used to survey the devices and modify parameters are encrypted. To this end, the AES system - an up to date encryption system compliant with international standards - is utilized. Encryption with 128, 192 and 256 bit keys are possible in the AES system. Of these options, the suitable one is produced during the production phase in accordance with the client's preferences.
The aforementioned invention integrates within it modules for the prevention of card skimming, the prevention of card trapping as well as communications and event logger modules. Thereby, it brings solutions to multiple problems.
The aforementioned invention has been designed to be easy to install and operate. The installation process is short and can be done by anyone following basic training. Without the need for experts, it creates employment. Owing to its upgradeable structure, it allows the addition of new modules designed to combat security threats to ATMs and similar financial machines. The aforementioned invention emits a jamming broadcast with focused field antenna, implemented for the first time in this field, increasing the effectiveness of the card skimming prevention system as well as minimizing adverse effects on peripheral units.
The aforementioned invention with, its successful solution to the problem, significantly increases card security against card trapping, widely accepted to be the future of ATM related crimes. The aforementioned invention is a device with high traceability and accessibility due to its event logger and encrypted communication module.
A surface scanning module which works through a different perspective can be added to the aforementioned invention with modification. Various upgrades can be made to be integrated with different types of security software and security systems (CCTV-Alarm systems). The communication module can be upgraded for the reporting of information via different methods (Wi-Fi, GPS, etc.). A module which disrupts the digital recording of spy camera footage used in card skimming can be added. Effectiveness can be improved by developing an apparatus, a bezel, matching the card slots of ATMs and all similar financial machines which house present and future apparatus.
The aforementioned invention can be utilized to prevent the unauthorized copying and physical theft of information on any magnetic card reader system which holds critical information.
REFERENCE LIST
1. Control circuit
2. Field focusing antenna
3. Event logger 4. Communications module
5. Card retainment control circuit
6. Electric motor
7. Card retaining mechanism
8. Reference inlet
9. Power inlet
10. Communications connection
11. Power block
12. +5V Regulator
13. +24 Transmittal
14. Oscillator block
15. Status display
16. Control circuit microprocessor
17. Relay block
8. Peripheral units power outlet
19. Frequency outlet
20. Command relay link
21. Serial communications link
22. Power outlet
23. Event logger microprocessor
24. Real time circuit
25. Memory block
26. Converter unit
27. Connector
28. Card retainment control microprocessor
29. Motor driver circuit
30. Reductor
31. Immobilizing equipment BRIEF DESCRIPTION OF DIAGRAMS
Fig. 1. Schematic of the aforementioned invention
Fig. 2. Detailed schematic of the control circuit of the aforementioned invention Fig. 3. Detailed schematic of the event logger of the aforementioned invention Fig. 4. Detailed schematic of the card retainment control circuit of the aforementioned invention
Fig. 5. Picture of the field focusing antenna of the aforementioned invention EXPLANATION OF THE INVENTION
This invention is a device for protecting the card information on ATMs and all similar financial machines and it is comprised of the following parts: Control circuit
(I) , field focusing antenna (2), event logger (3), communications module (4), card retainment control circuit (5), electric motor (6), card retaining mechanism (7), reference inlet (8), power inlet (9), communications connection (10), power block
(II) , +5v regulator (12), +24 transmittal (13), oscillator block (14), status display (15), control circuit microprocessor (16), relay block (17), peripheral units power outlet (18), frequency outlet (19), command relay link (20), serial communications link (21), power outlet (22), event logger microprocessor (23), real time circuit (24), memory block (25), converter unit (26), connector (27), Card retainment control microprocessor (28), motor driver circuit (29), reductor (30) immobilizing equipment (31). The control circuit (1) is the unit which houses the aforementioned modular invention's power block (11) and main control elements. The power block (11) converts the 24V power provided from the ATM's power supply through power inlet (9) to 5V to the relevant circuits. Additionally, it provides 24V power (13) to the oscillator block (14) for the generation of the necessary signals for the field focusing antenna (2) and to the relay block (17) for the card reader energy power outlet (22).
The control circuit microprocessor (16) controls the relevant units in accordance with the reference information from the ATM card reader. This reference inlet (8) information is collected from the ATM's Shutter Switch or Card Switch pin. The reference information changes upon card entry and exit; this is detected by the reference inlet (8) via the Control Circuit microprocessor (16). The Oscillator Block (14), controlled by the Control Circuit microprocessor (16), produces the necessary Frequency outlet (19) for the jamming broadcast which will be broadcast by the Field focusing antenna (2).
In the case of Time out, the command necessary for the functioning of the card retainment control circuit (5) is produced and sent through the command relay link
(20) .
Status and malfunction information is sent over the serial communications link
(21) to the event logger (3). At the same time, a status display (15) (LED or LCD) can display status information visually.
Field focusing antenna (2) is a separate unit connected to the control circuit (1) via a cable. This is an antenna which copper wire wrapped around generally a C or E shaped ferrite or silicon steel sheet core, broadcasting a transmission preventing the acquisition of data. This is a type of inductor. By sending a square wave signal to the antenna, a focused magnetic field is generated when power is turned on. What sets it apart from Inductive Bar antenna is that instead of generating a homogenous amplitude magnetic field in all directions, it focuses the magnetic field in a specific direction. The magnetic field generated in directions other than the focus direction is negligibly low. The most important property of this feature is the fact that it lowers the magnetic pressure on the peripheral units of ATMs and all similar financial machines while generating a strong enough magnetic field to prevent reading by all types of card skimming devices. The Field focusing antenna's (2) broadcast frequency output varies between 1 kHz and 10kHz.
The Event Logger (3) and control circuit (1) are housed within the same box. This is the component which the malfunction, alarm and broadcast statuses of the invention are recorded and relayed to the communications module (4). The status information received through the Serial communications link (21) is interpreted by the event logger microprocessor (23) and recorded to the memory block (25). In order to ensure precision in the generation of the event log, a real time circuit is used (24). The request command for alteration requests in regards to the parameters which can be made by the end user, relayed by the communications module (4), is interpreted by the event logger microprocessor (23) and relayed to the control circuit microprocessor (16).
The data recorded to the Memory Block (25) is simultaneously relayed to the communication module (4).
The Communication Module (4) is a separate module; it is physically located in another box and connected to the event logger (3) via a cable. It is powered by the peripheral units power outlet (18) controlled by the control circuit (1). The serial data containing the working status information and event creation time information sent by the event logger (3) and converted by the converter unit (26) in accordance with the wishes of the user to be output by USB and DB9 Serial (RS232), is relayed to the relevant connector (27). The communications connection ( 0) established through the ATM computer (USB/RS232 connection) or an internet connection with the monitoring program will allow the relaying of status information to the relevant program. At the same time, a command for alteration requests in regards to the parameters which can be made by the end user can be received in this way. The received alteration request command is relayed to the event logger microprocessor (23). The card retainment control circuit (5) is a separate module; it is physically located in another box and connected to the control circuit (1) via a cable. It houses the electric motor (6) used by the card trapping prevention system and the Card retainment control microprocessor (28) which controls the mechanical card retaining mechanism (7). It is powered by the peripheral units power outlet (18) controlled by the control circuit (1). The signal sent by the command relay link (20) makes Card retainment control microprocessor (28) generate the necessary signal for the electric motor (6). This weak current and amplitude signal is converted to the current and voltage level needed for the electric motor (6) by the motor driver circuit (29) and relayed to the motor.
The electric motor (6) is a part connected to the card retainment control circuit (5) by a cable. It is activated according to a signal from the card retainment control circuit (5). The reductor (30) is comprised of an eccentric rod or gear system attached to the motor shaft and activates the mechanical card retaining mechanism (7).
The card retaining mechanism (7) is a module connected to the electric motor (6) via the reductor (30). The cyclical motion from the electric motor (6) enables the vertical axis motion of the card retaining mechanism (7) via an eccentric rod-guide or gear mechanism located on the reductor (30) and immobilizing equipment (31). The immobilizing equipment (31) and reductor (30) are designed to individually match the varying internal surfaces of ATMs and all similar financial machines. In order to prevent the acquisition of client cards by fraudsters with regard to varying internal surfaces, the reductor (30) includes an eccentric rod or gear system. Similarly, the immobilizing equipment (31) is comprised of a hatch closing off the card exit path with the help of cutting blades or gear mechanism actuated by an eccentric rod connected to the internal surface of ATMs and all similar financial machines.
When a card trapping is detected, the retrieval of the card trapped in the reader as well as the card trapping apparatus is prevented by the card retaining mechanism (7) controlled by the card retainment control circuit (5) causing the sharp blades of the immobilizing equipment or completely closing of the flat surface card reader slot (31), which will be present according to the ATMs and all similar financial machines' model.
Card retaining circuit (card retainment function) steps are as follows:
• Powering up of the modules and the initialization of the system,
• Sending of "READY" information via the command relay link (20),
• Waiting for "IMMOBILIZE" command from the control circuit (1),
• Upon receipt of the "IMMOBILIZE" command, the Card retainment control microprocessor (28) produces driver signals for the motor and relays them to the motor driver circuit (29),
• Driver signals are increased to the voltage and current levels necessary for the electric motor (6) by the motor driver circuit (29),
• The card retaining mechanism (7) is propelled via the mechanical system attached to the motor rod of the electric motor (6),
• Security is maintained by the retaining mechanism (7) moving linearly until the closing limit switch is activated; as a result the client card is stuck inside the card reader or the port is closed, • "NOT READY" information is sent to the control circuit (1),
• Release button checked and wait for it to be pressed,
• When Release button is pressed, driver signals are generated in reverse order and sent to the motor driver circuit (29),
• Square wave signals increased to the voltage and current levels necessary by the electric motor (6) by the motor driver circuit (29),
• Card retaining mechanism (7) is propelled by the mechanical system connected to the motor rod of the electric motor (6),
• Card retaining mechanism (7) moves linearly in the reverse direction until the opening limit switch is activated, resulting in the releasing of the client card,
• Revert to the third step which is "IMMOBILIZE" command control. Event logger (3) - communication modules (4) steps are as follows:
• Powering up of the modules and the initialization of the system,
• Activating the interrupts in the event logger microprocessor (23) and starting listening the communications,
• In the event of a communication request, the source is verified to be the remote request monitoring program or control circuit (1) microprocessor,
• If source is Remote Monitoring Program; the incoming encrypted data is passed through the symmetrical AES key by middleware on the ATM computer and relayed to the communication module after decryption (4),
• Verification of the decrypted data to be URCommand:
• If URCommand;
• Data in the memory block (25) are sent to the remote client in packages,
• After the last package, end communication data is sent; communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
• If not URCommand:
• Decrypted data is checked to be TMCommand,
• If TMCommand: • Timestamp sent following the command is recorded to the real time circuit (24),
• Communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
• If not TMCommand:
• Decrypted data is verified to be PCCommand; if not PCCommand, communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
• If PCCommand:
• Parameter data sent following the command are relayed to the control circuit microprocessor (16),
• Control circuit microprocessor (16) records incoming parameters to the relevant section and uses new value beginning with the next program cycle,
• Communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
• If source is control circuit microprocessor (16):
• The incoming data is combined with the time information from the real time circuit (24) and recorded to the memory block (25),
• The combined data is relayed to the communication module (4),
• The data relayed as TTL is adjusted by the converter unit (26) to suitable voltage levels and sent to the client (ATM Computer/Monitoring Program),
• Communication subroutine is terminated and the process reverts to the second step, start listening for communication requests.
Steps for the aforementioned invention are as follows:
• Powering up and initialization of the device,
• Powering up of the event logger (3), communication module (4) and card retainment control circuit,
• Powering up of the card reader,
• Control circuit (1), relays "WAITING" status information to the event logger (3), Checking for reference connection, if none found:
Control circuit (1) relays "REFERENCE ERROR" status information to the event logger (3),
Error state is displayed via the status display (15) on the control circuit (1), Card reader power is cut, rendering the ATM out of service and remains in this loop until connection is established,
If a connection is successfully established, the control circuit (1) relays "ONLINE" status information to the event logger (3),
Connection Query function is run,
Counter and CTrapping values are reset,
Card is inserted into the card reader,
Verification of the reference information and, if no reference information is received, revert to the seventh step, Connection Query and remain in said loop until reference information is received,
If reference information is received, CTrapping value is checked: If the value is 1 , revert to the tenth step, reference control,
If the value is 0, the weak current signal is generated via software at a random amplitude and with random frequency by the control circuit microprocessor (16),
The generated signal is strengthened by the Oscillator block (14) and the frequency is shifted according to the environment warmth via hardware, Counter value is increased,
Connection Query function is run,
Counter value is checked to detect if it exceeds TOut value,
If it does not exceed the value, revert to the tenth step - reference control,
If it does exceed the value, set CTrapping value to "1",
Control circuit (1) relays "ALARM" status information to the event logger
(3),
Control circuit microprocessor (16) relays "IMMOBILIZE" command to the card retainment control circuit (5),
Card retainment control circuit (5) runs the Card Retainment function, Connection Query function is run,
Card retainment control circuit (5) "READY" information check, • If no information, revert to the twenty-second step, Connection Query, and remain in this loop until "READY" information is received,
• If information present, revert to tenth step, reference control.
Steps for the Connection Query function are as follows:
• Connection query function is fetched by main program,
• Inductive antenna with focus field (2) connection is checked,
• If no inductive antenna with focus field (2) connection is present:
• Control circuit (1) relays "ANTENNA ERROR" status information to the event logger (3),
• Error state is displayed via the status display (15) on the control circuit (1 ),
• Reset counter and CTrapping values,
• Power to the card reader is cut, rendering the ATM out of service,
• Continue checking connection for Field focusing antenna (2) and keep the card reader powered down until such a time as the connection is reestablished,
• If the connection is successfully established, continue running the program,
• Card retainment control circuit (5) connection is checked,
• If no Card retainment control circuit (5) connection present:
• Control circuit (1) relays "RETAINER ERROR" status information to the event logger (3),
• Error state is displayed via the status display (15) on the control circuit (1 ),
• Counter and CTrapping values are reset,
• Power to the card reader is cut, rendering the ATM out of service,
• Continue checking connection for card retainment control circuit (5) and keep the card reader powered down until such a time as the connection is reestablished,
• If the connection is successfully established, continue running the program,
• Event logger (3) connection is checked,
• If no event logger (3) connection present:
• Control circuit (1) relays "EVENT LOGGER ERROR" status information to the event logger (3), Error state is displayed via the status display (15) on the control circuit (1),
Counter and CTrapping values are reset,
Power to the card reader is cut, rendering the ATM out of service,
Continue checking connection for card retaining event logger (3) and keep the card reader powered down until such a time as the connection is reestablished,
If the connection is successfully established, continue running the program, End connection query function and return to the main program.

Claims

This invention is a device for the protection of card information on ATMs and all similar financial machines and it is comprised of: control circuit (1), field focusing antenna
(2), event logger
(3), communications module
(4), card retaining circuit
(5), electric motor (6), card retaining mechanism (7) and software installed on a computer.
The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that It contains a control circuit microprocessor (16) which commands relevant units according to the changes in the reference information it receives from the ATM card reader through reference inlet (8).
The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that It contains a field focusing antenna (2) copper wire wrapped around generally a C or E shaped ferrite or silicon steel sheet core, broadcasting a transmission preventing the acquisition of data, connected to the control circuit (1) by a cable.
The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that It contains a C or E shaped field focusing antenna which is able to reducing the magnetic stress on the peripheral units of ATMs and all similar financial machines to the minimum while directing and focusing a magnetic force strong enough to prevent all types of card copying devices from acquiring information.
The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that in order to generate a jamming magnetic field to prevent skimming devices from acquiring information, it broadcasts an irregular frequency and amplitude signal containing no meaningful data for skimmer's magnetic card reader.
6. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that It contains an event logger (3) located inside the same box as the control circuit (1) and which logs the device's operating status and relays it to the communication module (4).
7. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the oscillator block
(14) consists of three distinct oscillator circuits generating signals with different set of characteristics.
8. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the status information received from the serial communications link (21) is interpreted by the event logger microprocessor (23) and recorded to the memory block (25).
9. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the data recorded to the memory block (25) is simultaneously relayed to the communications module (4).
10. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that It contains a communications module (4) connected to the event logger (3) via a cable.
11. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that The converter unit (26) converts serial data containing the operating status information and event log time information from the event logger (3) to USB output or DB9 Serial (RS232) output and relays it to the relevant connector (27).
12. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that The communication connection (10) established via the ATM computer (USB/RS232 connection) or internet connection with the client program enables the relaying of status information to the relevant programs and the reception of commands regarding the parameters the end user is authorized to alter via the client system.
13. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the communication connection (10) made with the client program is encrypted with a symmetrical key algorithm AES.
14. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that The commands sent by the communication module for the alteration of parameters which the end user has access (4) are interpreted by the event logger microprocessor (23) and relayed to the control circuit microprocessor (16).
15. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the card retainment control circuit (5) which includes motor driver circuit (29) and card retaining control microprocessor (28), which controls mechanical card retaining mechanism (7) and the electric motor (6) is placed in a separate box, connected to the control circuit (1) via a cable and ensures that in the possibility of a card trapping fraud, the customer's card is retained in the card reader slot preventing its theft.
16. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that it contains an electric motor (6) connected via a cable to the card retainment control circuit (5) and which actuates the mechanical card retaining mechanism (7) via the reductor (30) comprised of an eccentric rod or gear system connected to the motor shaft which is activated according to a signal from the card retainment control circuit (5).
17. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that it contains the card retaining mechanism (7) which is connected to electric motor (6) via redactor (30) and provides the vertical motion by means of circular motion of electric motor that actuates eccentric rod or gear system mounted on the reductor (30) and the immobilizing equipment (31).
18. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that it contains immobilizing equipment (31) comprised of a lid which propelled by a gear mechanism and blocks the card exit slot, or blades for clamping actuated by an eccentric rod connected in accordance to the ATM's and similar device's interior surface.
19. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that when card trapping is detected, the card retainment control circuit (5) directs the card retaining mechanism (7) and immobilizing equipment (31) to prevent the retrieval of the card and card jamming apparatus mounted to the card reader, by utilizing clamping blades puncturing the card or blocking the exit slot of the card reader completely with a flat surface in accordance to the ATM's and similar device's model.
20. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the card retaining circuit (card retainment function) operation steps are as follows:
• Powering up of the modules and the initialization of the system,
· Sending of "READY" information via the command relay link (20),
• Waiting for "IMMOBILIZE" command from the control circuit (1),
• Upon receipt of the "IMMOBILIZE" command, the Card retainment control microprocessor (28) produces driver signals for the motor and relays them to the motor driver circuit (29), • Driver signals are increased to the voltage and current levels necessary for the electric motor (6) by the motor driver circuit (29),
• The card retaining mechanism (7) is propelled via the mechanical system attached to the motor rod of the electric motor (6),
• Security is maintained by the retaining mechanism (7) moving linearly until the closing limit switch is activated; as a result the client card is stuck inside the card reader or the port is closed,
• "NOT READY" information is sent to the control circuit (1),
• Release button checked and wait for it to be pressed,
• When Release button is pressed, driver signals are generated in reverse order and sent to the motor driver circuit (29),
• Square wave signals increased to the voltage and current levels necessary by the electric motor (6) by the motor driver circuit (29),
• Card retaining mechanism (7) is propelled by the mechanical system connected to the motor rod of the electric motor (6),
• Card retaining mechanism (7) moves linearly in the reverse direction until the opening limit switch is activated, resulting in the releasing of the client card,
• Revert to the third step which is "IMMOBILIZE" command control.
21. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the event logger (3) - communication module (4) operation steps are as follows:
• Powering up of the modules and the initialization of the system,
• Activating the interrupts in the event logger microprocessor (23) and starting listening to communications,
• In the event of a communication request, the source is verified to be the remote request monitoring program or control circuit (1) microprocessor,
• If source is Remote Monitoring Program; the incoming encrypted data is passed through the symmetrical AES key by middleware on the ATM computer and relayed to the communication module after decryption (4), Verification of the decrypted data to be URCommand:
If URCommand;
Data in the memory block (25) are sent to the remote client in packages, After the last package, end communication data is sent; communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
If not URCommand:
Decrypted data is checked to be TMCommand,
If TMCommand:
Timestamp sent following the command is recorded to the real time circuit (24),
Communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
If not TMCommand:
Decrypted data is verified to be PCCommand; if not PCCommand, communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
If PCCommand:
Parameter data sent following the command are relayed to the control circuit microprocessor (16),
Control circuit microprocessor (16) records incoming parameters to the relevant section and uses new value beginning with the next program cycle,
Communication subroutine is terminated and the process reverts to the second step, start listening for communication requests,
If source is control circuit microprocessor (16):
The incoming data is combined with the time information from the real time circuit (24) and recorded to the memory block (25),
The combined data is relayed to the communication module (4),
The data relayed as TTL is adjusted by the converter unit (26) to suitable voltage levels and sent to the client (ATM Computer/Monitoring Program),
Communication subroutine is terminated and the process reverts to the second step, start listening for communication requests.
22. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that the device operation steps are as follows:
• Powering up and initialization of the device,
» Powering up of the event logger (3), communication module (4) and card retainment control circuit,
• Powering up of the card reader,
• Control circuit (1), relays "WAITING" status information to the event logger (3),
• Checking for reference connection, if none found:
• Control circuit (1) relays "REFERENCE ERROR" status information to the event logger (3),
• Error state is displayed via the status display (15) on the control circuit (1 ),
• Card reader power is cut, rendering the ATM out of service and remains in this loop until connection is established,
• If a connection is successfully established, the control circuit (1) relays "ONLINE" status information to the event logger (3),
• Connection Query function is run,
• Counter and CTrapping values are reset,
• Card is inserted into the card reader,
• Verification of the reference information and, if no reference information is received, revert to the seventh step, Connection Query and remain in said loop until reference information is received,
• If reference information is received, CTrapping value is checked: If the value is 1 , revert to the tenth step, reference control,
• If the value is 0, the weak current signal is generated via software at a random amplitude and with random frequency by the control circuit microprocessor (16),
• The generated signal is strengthened by the Oscillator block (14) and the frequency is shifted according to the environment warmth via hardware,
• Counter value is increased, • Connection Query function is run,
• Counter value is checked to detect if it exceeds TOut value,
• If it does not exceed the value, revert to the tenth step - reference control,
• If it does exceed the value, set CTrapping value to "1",
• Control circuit (1) relays "ALARM" status information to the event logger (3),
• Control circuit microprocessor (16) relays "IMMOBILIZE" command to the card retainment control circuit (5),
• Card retainment control circuit (5) runs the Card Retainment function,
• Connection Query function is run,
• Card retainment control circuit (5) "READY" information check,
• If no information, revert to the twenty-second step, Connection Query, and remain in this loop until "READY" information is received,
• If information present, revert to tenth step, reference control.
23. The property of the device for the protection of card information on ATMs and all similar financial machines mentioned in Claim 1 is that connection query function steps are as follows:
• Connection query function is fetched by main program,
• Inductive antenna with focus field (2) connection is checked,
• If no inductive antenna with focus field (2) connection is present:
• Control circuit (1) relays "ANTENNA ERROR" status information to the event logger (3),
• Error state is displayed via the status display (15) on the control circuit (1 ),
• Reset counter and CTrapping values,
• Power to the card reader is cut, rendering the ATM out of service,
• Continue checking connection for Field focusing antenna (2) and keep the card reader powered down until such a time as the connection is reestablished,
• If the connection is successfully established, continue running the program,
• Card retainment control circuit (5) connection is checked,
• If no Card retainment control circuit (5) connection present: • Control circuit (1) relays "RETAINER ERROR" status information to the event logger (3),
• Error state is displayed via the status display (15) on the control circuit (1),
• Counter and CTrapping values are reset,
• Power to the card reader is cut, rendering the ATM out of service,
• Continue checking connection for card retainment control circuit (5) and keep the card reader powered down until such a time as the connection is reestablished,
• If the connection is successfully established, continue running the program,
• Event logger (3) connection is checked,
• If no event logger (3) connection present:
• Control circuit (1) relays "EVENT LOGGER ERROR" status information to the event logger (3),
• Error state is displayed via the status display (15) on the control circuit (1 ),
• Counter and CTrapping values are reset,
• Power to the card reader is cut, rendering the ATM out of service,
• Continue checking connection for card retaining event logger (3) and keep the card reader powered down until such a time as the connection is reestablished,
• If the connection is successfully established, continue running the program,
• End connection query function and return to the main program.
PCT/TR2013/000233 2013-07-12 2013-07-12 Device for the prevention of capturing customer cards and card information on atms and similar financial machines WO2015005877A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/TR2013/000233 WO2015005877A1 (en) 2013-07-12 2013-07-12 Device for the prevention of capturing customer cards and card information on atms and similar financial machines

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/TR2013/000233 WO2015005877A1 (en) 2013-07-12 2013-07-12 Device for the prevention of capturing customer cards and card information on atms and similar financial machines

Publications (1)

Publication Number Publication Date
WO2015005877A1 true WO2015005877A1 (en) 2015-01-15

Family

ID=49305062

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2013/000233 WO2015005877A1 (en) 2013-07-12 2013-07-12 Device for the prevention of capturing customer cards and card information on atms and similar financial machines

Country Status (1)

Country Link
WO (1) WO2015005877A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113284303A (en) * 2021-05-21 2021-08-20 深圳怡化电脑科技有限公司 Card retaining processing method and device, bank device and storage medium
CN113671880A (en) * 2021-08-24 2021-11-19 中科亿海微电子科技(苏州)有限公司 Financial data acceleration system and method
US11276067B2 (en) * 2014-11-10 2022-03-15 Mastercard International Incorporated Systems and methods for detecting compromised automated teller machines

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1992017856A1 (en) * 1991-03-26 1992-10-15 Datacard Corporation Remote credit card issuance apparatus and method
WO1998019262A1 (en) * 1996-10-29 1998-05-07 Electronic Data Systems Corporation Fail-safe event driven transaction processing system and method
WO2000075861A1 (en) * 1999-06-03 2000-12-14 Qi Technologies Corp. Card reader with card capture clamp
US20040178260A1 (en) * 2003-03-10 2004-09-16 Diebold Self-Service Systems Division Of Diebold, Incorporated Cash dispensing automated banking machine with improved card retention capabilities and method
WO2006001781A1 (en) * 2004-06-24 2006-01-05 Kronik Elektrik Elektronik Ve Bilgisayar Sistemleri Sanayi Ticaret Limited Sirketi Apparatus for prevention of reading of magnetic cards
EP1798662A1 (en) * 2005-12-14 2007-06-20 Hitachi-Omron Terminal Solutions, Corp. Card processor
US20110135092A1 (en) * 2008-06-18 2011-06-09 Keba Ag Method and device for proctecting a reading device for card-shaped data carriers from unauthorized evaluation or copying of magnetically encoded data of an inserted card-shaped data carrier
WO2011145940A1 (en) * 2010-05-18 2011-11-24 Kronik Elektrik Elektronik Ve Bilgisayar Sistemleri Sanayi Ticaret Limited Sirketi Driver circuit for transmitting coil of active antimagnetic card copying device
WO2012060690A1 (en) * 2010-10-01 2012-05-10 Kronik Elektrik Elektronik Ve Bilgisayar Sistemleri Sanayi Ticaret Limited Sirketi A self service terminal, an anti-skimming unit, a card reader device, a bezel, a method of jamming and use of an anti-skimming unit

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1992017856A1 (en) * 1991-03-26 1992-10-15 Datacard Corporation Remote credit card issuance apparatus and method
WO1998019262A1 (en) * 1996-10-29 1998-05-07 Electronic Data Systems Corporation Fail-safe event driven transaction processing system and method
WO2000075861A1 (en) * 1999-06-03 2000-12-14 Qi Technologies Corp. Card reader with card capture clamp
US20040178260A1 (en) * 2003-03-10 2004-09-16 Diebold Self-Service Systems Division Of Diebold, Incorporated Cash dispensing automated banking machine with improved card retention capabilities and method
WO2006001781A1 (en) * 2004-06-24 2006-01-05 Kronik Elektrik Elektronik Ve Bilgisayar Sistemleri Sanayi Ticaret Limited Sirketi Apparatus for prevention of reading of magnetic cards
EP1798662A1 (en) * 2005-12-14 2007-06-20 Hitachi-Omron Terminal Solutions, Corp. Card processor
US20110135092A1 (en) * 2008-06-18 2011-06-09 Keba Ag Method and device for proctecting a reading device for card-shaped data carriers from unauthorized evaluation or copying of magnetically encoded data of an inserted card-shaped data carrier
WO2011145940A1 (en) * 2010-05-18 2011-11-24 Kronik Elektrik Elektronik Ve Bilgisayar Sistemleri Sanayi Ticaret Limited Sirketi Driver circuit for transmitting coil of active antimagnetic card copying device
WO2012060690A1 (en) * 2010-10-01 2012-05-10 Kronik Elektrik Elektronik Ve Bilgisayar Sistemleri Sanayi Ticaret Limited Sirketi A self service terminal, an anti-skimming unit, a card reader device, a bezel, a method of jamming and use of an anti-skimming unit

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11276067B2 (en) * 2014-11-10 2022-03-15 Mastercard International Incorporated Systems and methods for detecting compromised automated teller machines
CN113284303A (en) * 2021-05-21 2021-08-20 深圳怡化电脑科技有限公司 Card retaining processing method and device, bank device and storage medium
CN113671880A (en) * 2021-08-24 2021-11-19 中科亿海微电子科技(苏州)有限公司 Financial data acceleration system and method

Similar Documents

Publication Publication Date Title
US9342717B2 (en) Tamper detection system and method
US9379841B2 (en) Mobile device prevention of contactless card attacks
US8760296B2 (en) Access monitoring systems for use with consumer-operated kiosks and other enclosures
US20070034691A1 (en) Using promiscuous and non-promiscuous data to verify card and reader identity
US10148691B2 (en) Detection of unwanted electronic devices to provide, among other things, internet of things (IoT) security
CN107666478B (en) Authentication tag, apparatus, system and method
CN103733633A (en) Video analytics system
US7966262B2 (en) Pay at pump encryption device
JP2007328388A (en) Vending machine having function of preventing unauthorized use with positioning method using gps (global positioning system), and method of preventing unauthorized use of vending machine with positioning method using gps
CN101923677B (en) Data storage system and data storage method
CN103268652A (en) Entrance guard monitoring system and method based on residence permit entrance cards
WO2015005877A1 (en) Device for the prevention of capturing customer cards and card information on atms and similar financial machines
US11837057B1 (en) Intrusion detection systems and methods
CA2798626A1 (en) Biometric banking machine apparatus, system, and method
CN114283510A (en) Intelligent service library system and box storing and taking method thereof
US8622297B1 (en) Card reader anti-skimming assembly and method
CN111438690A (en) Distribution robot, method and device for controlling distribution robot, and storage medium
CN110219546A (en) Intelligent specific store machine and its control method
CN101808234A (en) Monitor processing method and system
US20180286211A1 (en) Systems and methods for foreign object detection
US20180374319A1 (en) A device for detection the foreign objects placed, jamming the data with disruptive signals, issuing warning notices and recording the events in order to protect the data on the cards used in the payment stations
CN101751727B (en) Method and device for monitoring installation of card stealing device as well as self-service terminal
Narmada et al. Design and implementation of security based ATM using ARM11
Srilatha et al. Safety and maintenance of ATM system using Internet of things
WO1994023163A1 (en) System and method for activating a device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13773878

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13773878

Country of ref document: EP

Kind code of ref document: A1